How Cybersecurity Varies Between Industries

Posted by on March 6, 2019 | Featured

Cybersecurity is a critical issue for modern industries, but
some industries have different needs than others. This is due to factors that
vary between industries like motivation, attack vectors, regulations and
organizational structure. Learning about these differences may help organizations
better understand which cybersecurity needs are appropriate for them. It could,
for example, be rather pointless to apply the same requirements to two very
different industries, such as finance and healthcare.

1. Motivations for Cyber Crime

According to a Verizon study,
financial incentives motivated 76 percent of data breaches. This makes the
motives behind much cyber crime in the finance industry clear. Indeed, Verizon’s
study found 93 percent of finance and insurance industry breaches were
financially motivated. By contrast, only 75 percent of healthcare breaches were
financially motivated. While the same percent of breaches was attributable to
espionage in both industries, fun and convenience caused a significantly larger
percent of breaches in the healthcare industry.

A surprising number of the data breaches in healthcare result
from employees interested in information about personal acquaintances or celebrities.
It is, perhaps, for this reason that Verizon’s study found that healthcare is
the only industry where more cybercrime originates from within organizations
than outside of them.

2. Common Cyber Crime Vectors

Verizon’s study found that the most frequent cybercrimes
were hacking (including denial of service attacks and stolen credentials),
malware and social data breaches. But just because a type of attack happens
more often doesn’t necessarily mean it costs more. A study
that represented a collaboration between the Ponemon Institute and Accenture
found that the cybercrime vectors with the greatest overall cost were malware,
web-based attacks, denial of service attacks and malicious insiders.

Verizon’s report cited denial of service attacks, one of the
more expensive cyber crime vectors, as a particular concern for the financial
industry. As this does not seem to have been among the top threats for other
industries, it’s likely these attacks target finance more than other
industries.

Healthcare also has vectors that other industries don’t, due to monitoring
equipment. As more of this equipment becomes part of the Internet of Things (IoT),
even these devices become possible vectors for cyber crime. To learn more, read
Impulse’s “How to Decide Which IoT Devices to Allow” article.

3. Impact of Regulations

While there are differences in common attack vectors between
industries, many industries, including finance and healthcare, are subject to
cybersecurity regulations. Some of these regulations are more general and apply
to multiple industries. One example is the NIST Cybersecurity Framework, which
provides cybersecurity best practices for sectors of critical US national infrastructure,
including healthcare and finance.

Finance has regulations imposed on it by various entities at
national and local levels, while healthcare has regulations like the Health
Insurance Portability and Accountability Act (HIPAA), which protects patients’
personal health information. Differences in regulations between industries, and
in how strictly they’re enforced, can account for how seriously an industry as a
whole takes cybersecurity, due to fines and other consequences for not
adhering to regulations.

4. Impact of Organizational Structure

Some industries, like healthcare and finance, are more
centralized than others, but attacks can still vary due to the structure common
among organizations within industries.

One such consideration is the size of most organizations
within an industry. For example, the Ponemon Institute and Accenture’s study found
that small organizations incur more costs due to malware, web-based attacks,
and phishing and social engineering attacks, while larger organizations incur
more costs due to denial of service attacks, malicious insiders and malicious
code. It might, therefore, be assumed that in industries where larger
organizations congregate, the threats common among larger businesses will be
more common and vice versa.

5. Results of Cyber Crime

The aforementioned differences in cyber crime between
industries lead to differences in cyber crime’s end results. Perhaps the most
prominent example of this is how much the overall cost of cyber crime varies by
industry.

The Ponemon Institute and Accenture’s study found that
financial services lost $18.28 million to cyber crime, more money than any
other industry. Healthcare came in fourth at $12.42 million. Given that the
financial industry, by its nature, deals with money, it’s easy to see why cyber
attacks targeting the financial industry would be more expensive than those
targeting the healthcare industry.

Yet, while attacks on the healthcare industry might not be
as expensive as attacks on the finance industry, Verizon’s study found that 24
percent of breaches involved the healthcare industry, suggesting that though
breaches in this industry may be less expensive, they may well be more common. This
demonstrates that the monetary results of cybercrime can differ greatly between
industries.

How Impulse Can Help

While some elements of cyber crime can vary between
industries, the need to keep your organization’s network secure from cyber
criminals does not. Whether your industry is education, finance, healthcare, local
government or another industry entirely, Impulse’s SafeConnect and
software-defined perimeter (SDP) solutions help maintain network security.

SafeConnect is a Network Access Control (NAC) solution that blocks
people who shouldn’t be on your network while keeping network access simple for
those who should. Meanwhile, SDP works to maintain a secure network for
employees accessing company data beyond the office itself.